Bank of America - Your transaction is completed - containing a virus

Fake / Scam Emails Containing Virus Attachments:
The Bank of America - "Your transaction is completed"
Scam with a Virus Attachment'

You may have received an email like the one below that looks very authentic, like it came from Bank of America, or a phone call about the same subject. In this case, the scammers are even more clever; all of the links in the email appear to be real, valid Bank of America links, but there is an attachment; which undoubtedly contains a virus or of malware. Norton Antispam flagged the email and moved it to the junk folder. Besides containing viruses or other malware, these emails are often an attempt to get you to enter confidential information (typically a social security number, name, address, bank account information, etc., to allow the scammers to steal your identity and open credit cards in your name.

This email was not sent by Bank of America; Bank of America is a victim as well. This is referred to as spoofing (making a fake email that looks legitimate, "phishing" (when by email) or "vishing" (when by telephone). If you receive an email similar to the one below, and especially if you have no Bank of America account, have not made a payment like that, DO NOT click on the link, and do not enter any information on the forms there.

Here's what Bank of America says, on their website, about what to do if you receicve an email like this with an attachment:

"Ways to identify phishing and spoofing emails include:

  • Links that appear to be Bank of America links but aren't. If you place your cursor over a link in a suspicious email, your email program most likely shows you the destination URL. Do not click the link, but look closely at the URL: A URL that is formatted bankofamerica.fakewebsite.com is taking you to a location on fakewebsite.com. Just because 'bankofamerica' is part of the URL does not guarantee that the site is an official Bank of America site.
  • Requests for personal information. Bank of American emails will never ask you to reply in an email with any personal information such as your Social Security number, ATM or PIN.
  • Urgent appeals. We will never claim your account may be closed if you fail to confirm, verify or authenticate your personal information vian email.
  • Messages about system and security updates. We will never claim the need to confirm important information vian email due to system upgrades.
  • Offers that sound too good to be true. We will never ask you to fill out a customer service survey in exchange for money, then ask you to provide your account number so you can receive the money.
  • Obvious typos and other errors. These are often the mark of fraudulent emails and websites. Be on the lookout for typos or grammatical errors, awkward writing and poor visual design.

If you receive a suspicious email that uses Bank of America's name, forward it to us immediately atabuse@bankofamerica.com."

Remember, no reputable business would send you an email with an unsolicited attachment or requesting your personal account information. Any such email you receive asking for this information should be considered phony and brought to the attention of the business being 'phished'.

Anytime you need to go to a website for your bank, credit card companies or other personal, financial or confidential information; do not follow a link in an email; just type their address in your browser directly (such as www.BankofAmerica.com )

Below are actual phishing emails that started circulating in early 2013.


----- Forwarded message -----
-------- Original message --------
From: Marion Boone <acing34@gmail.com>
Date: 04/25/2013 1:11 PM (GMT-05:00)
To:
Subject: Your transaction is completed


Transaction is completed. $40091693 has been successfully transferred.
If the transaction was made by mistake please contact our customer service.
Receipt on payment is attached.


*** This is an automatically generated email, please do not reply ***
Bank of America, N.A. Member FDIC. Equal Housing Lender Opens in new window
' 2013 Bank of America Corporation. All rights reserved

 

And another version:

-----Original Message-----
From: Bank of America [mailto:combsr2@gmail.com]
Sent: Monday, March 25, 2013 12:41 PM
To: jbslemmer@benivia.com
Subject: [Norton AntiSpam]Your transaction is completed

 

Transaction is completed. $6088 has been successfully transferred.

If the transaction was made by mistake please contact our customer service.

Payment receipt is attached.

 

*** This is an automatically generated email, please do not reply *** Bank of America, N.A. Member FDIC. Equal Housing Lender Opens in new window   2013 Bank of America Corporation. All rights reserved

 


The virus attachment

BitDefender         Trojan.Generic.KDZ.11234
GData             Trojan.Generic.KDZ.11234
Ikarus         Trojan-PWS.Win32.Fareit
McAfee         Ransom-FBGF!BD357F51A1D6

Recommendations- What to do:

  • Only open email or IM attachments that come from a trusted source and that are expected
  • Use an anti-virus/anti-spam package (we recommend Norton 360 or Norton Internet Security scan all attachments prior to opening. Click here to see Norton 360 2013 on Amazon.com .
  • Delete the messages without opening any attachments
  • Do not click on links in emails that come from people you do not know and trust, even if it looks like it comes from a company you know.
  • Keep your anti-virus software up to date
  • Keep your operating system up to date with current security patches. Click here for an article that describes how to do this.

And please let us know about any suspicious calls or emails you receive.  We look for patterns so that we can alert the authorities and victims to new scams, before it is too late!


For More Information About Viruses and Adware, See:

The following documents and websites can help you learn more about virus attahments and how to protect yourself against malware.



 


 

For a comprehensive list of national and international agencies to report scams, see this page.